Become a web host

[d_barszczak]

Hi all,

 

Hoping someone can help me here. I currently have a web server that hosts my customers websites. At the moment the only sites hosted are ones that have been developed by my company. I would like to offer a hosting package but am worried about security with php.

 

I don't want my users to access files outside their hosting directory via php as it usually allows full access to the system.

 

Do you know any ways of restricting php like this? Its a Ubuntu Server running php and mysql. The server hosts apache virtual hosts.

 

Thanks in advance!!

[ldougherty]

You want to enable open_basedir in php.ini so that your users can not access any files outside of their home directory that are not specified in their include path.

[nickthrolson]

You can also CHMOD so people cant see the files php.ini file will work too

[trq]

If you seriously asking how to do this and worried about the consequences of not doing it then it is likely you are not ready to host other peoples websites.

 

Running a server is a full time job when its done properly.

[d_barszczak]

Thanks for the info.

 

I fully understand that hosting a web server is a full time job and that I should not be offering a managed hosting service if I am unsure of the security complications. This is the reason why I currently only host websites designed by myself on a very secure and reliable setup.

 

I though asking the question in a PHP support forum may be a good start. I will under no circumstances start running a managed hosting service until I can guarantee my users security.

 

This question was just to point me in the correct direction of further research.

 

Thanks

 

[AtomicRax]

Have you looked at suPHP?